| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aOP2DUj67yB0afUt@earth.li> Date: Mon, 6 Oct 2025 18:02:05 +0100 From: Jonathan McDowell <noodles@...th.li> To: Jarkko Sakkinen <jarkko@...nel.org> Cc: James Bottomley <James.Bottomley@...senpartnership.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>, David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org, linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-v6.18 On Mon, Oct 06, 2025 at 07:51:46PM +0300, Jarkko Sakkinen wrote: > My main issue preventing sending a new pull request is that weird list > of core TPM2 features that is claimed "not to be required" with zero > references. Especially it is contraditory claim that TPM2_CreatePrimary > would be optional feature as the whole chip standard is based on three > random seeds from which primary keys are templated and used as root > keys for other keys. My understanding here is that the main specification about what's "required" for TPMs to implement is from the PC Client Platform TPM Profile. There's no specific server PTP (though there is talk about creating one), so _most_ vendors just implement the PC Client PTP. It doesn't mean a TPM that doesn't do so isn't TPM compliant, just not PC Client PTP compliant. Google have taken the approach in their Titan based TPM implementation to avoid implementing features they don't need, to reduce attack surface. I'm not aware of anyone else who has done this. J. -- ... You non-conformists are all alike.
Powered by blists - more mailing lists